CVE-2021-44650
First published: Wed Jan 12 2022(Updated: )
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ManageEngine M365 Manager Plus | <4.4 | |
| ManageEngine M365 Manager Plus | =4.4 | |
| ManageEngine M365 Manager Plus | =4.4-build4400 | |
| ManageEngine M365 Manager Plus | =4.4-build4401 | |
| ManageEngine M365 Manager Plus | =4.4-build4402 | |
| ManageEngine M365 Manager Plus | =4.4-build4403 | |
| ManageEngine M365 Manager Plus | =4.4-build4406 | |
| ManageEngine M365 Manager Plus | =4.4-build4407 | |
| ManageEngine M365 Manager Plus | =4.4-build4408 | |
| ManageEngine M365 Manager Plus | =4.4-build4410 | |
| ManageEngine M365 Manager Plus | =4.4-build4411 | |
| ManageEngine M365 Manager Plus | =4.4-build4412 | |
| ManageEngine M365 Manager Plus | =4.4-build4413 | |
| ManageEngine M365 Manager Plus | =4.4-build4414 | |
| ManageEngine M365 Manager Plus | =4.4-build4415 | |
| ManageEngine M365 Manager Plus | =4.4-build4416 | |
| ManageEngine M365 Manager Plus | =4.4-build4417 | |
| ManageEngine M365 Manager Plus | =4.4-build4418 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44650?
CVE-2021-44650 is a vulnerability in Zoho ManageEngine M365 Manager Plus before Build 4419 that allows remote command execution when updating proxy settings.
How severe is CVE-2021-44650?
CVE-2021-44650 has a severity rating of 7.2 (High).
What is the affected software?
The affected software is Zoho ManageEngine M365 Manager Plus versions up to and including 4.4, specifically 4.4-build4400 to 4.4-build4418.
How can the vulnerability be fixed?
To fix the vulnerability, users should update to Build 4419 of Zoho ManageEngine M365 Manager Plus.
Where can I find more information about CVE-2021-44650?
More information about CVE-2021-44650 can be found at the following link: [Zoho ManageEngine M365 Manager Plus Release Notes](https://www.manageengine.com/microsoft-365-management-reporting/release-notes.html?Build=4419)
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zohocorp
- canonical/manageengine m365 manager plus
- version/manageengine m365 manager plus/4.4
- version/manageengine m365 manager plus/4.4-build4400
- version/manageengine m365 manager plus/4.4-build4401
- version/manageengine m365 manager plus/4.4-build4402
- version/manageengine m365 manager plus/4.4-build4403
- version/manageengine m365 manager plus/4.4-build4406
- version/manageengine m365 manager plus/4.4-build4407
- version/manageengine m365 manager plus/4.4-build4408
- version/manageengine m365 manager plus/4.4-build4410
- version/manageengine m365 manager plus/4.4-build4411
- version/manageengine m365 manager plus/4.4-build4412
- version/manageengine m365 manager plus/4.4-build4413
- version/manageengine m365 manager plus/4.4-build4414
- version/manageengine m365 manager plus/4.4-build4415
- version/manageengine m365 manager plus/4.4-build4416
- version/manageengine m365 manager plus/4.4-build4417
- version/manageengine m365 manager plus/4.4-build4418